XG105 - Firewall rules locking up

Hey everyone,

We have just swapped out a Draytek router for an XG105 for a client, copied the firewall rules exactly as per the Draytek, and most of the services have come across successfully. However, we are now having an issue with some remote SIP phones: for whatever reason, whenever we attempt to make a call via a remote SIP phone, it stops all firewall rules working on the Sophos. The only way around it is to delete the 5060 and 6090 rules and restart the Sophos, then all is fine again. Confirmed this by adding them again, and as soon as I make the call the Sophos drops the firewall traffic from running until deleting the SIP rules and rebooting.

Have tried different firmware but issue persists on all.

Have tried turning off the IPS service, no change.

Nothing is flagging under Application or DDOS with packet drops etc.

Any help would be greatly appreciated.



  • Hi Sachin,

    Sorry for the late reply. I have gone through this with Sophos techs and senior techs, unfortunately no luck.

    Latest firmware has been applied and also rolled back to test other firmware, issue still persists.

    It's a very strange issue: the external VOIP phone connects the very first time perfectly fine, but once you make that first call off it, whether it be to a local extension on the PBX or an external number, it refuses to connect, times out and hangs up. Then when you restart the phone you will find it no longer registers, and the firewall rules have to be deleted and re-created for the phone to register again.

    Also no IPS/DoS logs stating anything, all showing 0 packets dropped.

  • Julian,

    Use the drop-packet-capture command from console or tcpdump and see what is happening to your SIP traffic. Post the result here if you need help.

    Thanks

  • Please provide me the existing case# in the support team. I suspect that the issue could be related to the VoIP service providers or the ISP side. 

  • Hi,

    Could you test whether unloading the SIP module would help resolve your issue?

    Command in console option 4:

    console> system system_modules show
    pptp loaded
    h323 loaded
    tftp loaded
    irc loaded
    sip loaded

    console> system system_modules sip
    load unload
    console> system system_modules sip unload